diff --git a/.env.production.sample b/.env.production.sample index 87ea031c4..3dd66abae 100644 --- a/.env.production.sample +++ b/.env.production.sample @@ -50,6 +50,7 @@ OTP_SECRET= # Must be available (and set to same values) for all server processes # These are private/secret values, do not share outside hosting environment # Use `bin/rails db:encryption:init` to generate fresh secrets +# Do not change these secrets once in use, as this would cause data loss and other issues # ------------------ # ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= # ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= diff --git a/config/initializers/active_record_encryption.rb b/config/initializers/active_record_encryption.rb index c53f16d4d..9ae28e401 100644 --- a/config/initializers/active_record_encryption.rb +++ b/config/initializers/active_record_encryption.rb @@ -10,7 +10,9 @@ ENV[key] = SecureRandom.hex(64) end - value = ENV.fetch(key) do + value = ENV.fetch(key, '') + + if value.blank? abort <<~MESSAGE Mastodon now requires that these variables are set: